Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt

Yaron Sheffer <yaronf@checkpoint.com> Sat, 22 August 2009 05:25 UTC

From: Yaron Sheffer <yaronf@checkpoint.com>
To: Jack Kohn <kohn.jack@gmail.com>, "ipsec@ietf.org" <ipsec@ietf.org>
Date: Sat, 22 Aug 2009 08:25:42 +0300
Cc: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>, "Grewal, Ken" <ken.grewal@intel.com>, "g_e_montenegro@yahoo.com" <g_e_montenegro@yahoo.com>, "paul.hoffman@vpnc.org" <paul.hoffman@vpnc.org>

Hi Jack,

I believe it is essential that both this draft and the ESP-null Heuristics
draft contain language that clarifies how they relate to one another. I
posted some text to the list on Aug. 11, and I am still awaiting approval
from the Heuristics group of authors. When we have this point resolved, the
draft is ready to move forward.

Thanks,

            Yaron

  _____

From: Jack Kohn [mailto:kohn.jack@gmail.com] 
Sent: Saturday, August 22, 2009 1:18
To: ipsec@ietf.org
Cc: Yaron Sheffer; Grewal, Ken; paul.hoffman@vpnc.org;
g_e_montenegro@yahoo.com; Bhatia, Manav (Manav)
Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt

I believe this draft had cleared the WG LC a long time back. What else are the
chairs/authors waiting for?

Jack

On Tue, Aug 11, 2009 at 5:15 AM, <Internet-Drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the IP Security Maintenance and Extensions
Working Group of the IETF.


       Title           : Wrapped ESP for Traffic Visibility
       Author(s)       : K. Grewal, et al.
       Filename        : draft-ietf-ipsecme-traffic-visibility-07.txt
       Pages           : 14
       Date            : 2009-08-10

This document describes the Wrapped Encapsulating Security
Payload (WESP) protocol, which builds on top of Encapsulating
Security Payload (ESP) [RFC4303] and is designed to allow
intermediate devices to ascertain if ESP-NULL [RFC2410] is being
employed and hence inspect the IPsec packets for network
monitoring and access control functions.  Currently in the IPsec
standard, there is no way to differentiate between ESP
encryption and ESP NULL encryption by simply examining a packet.
This poses certain challenges to the intermediate devices that
need to deep inspect the packet before making a decision on what
should be done with that packet (Inspect and/or Allow/Drop). The
mechanism described in this document can be used to easily
disambiguate ESP-NULL from ESP encrypted packets, without
compromising on the security provided by ESP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec